/**
 * 
 */
package neptune.web.server.security;

import it.robertobifulco.ias.PermissionHandler;
import it.robertobifulco.ias.UnauthorizedOperationException;
import it.robertobifulco.ias.principalmanager.Principal;
import neptune.manager.storage.ExperimentRepositoryException;
import neptune.web.client.model.DefaultRoles;
import neptune.web.server.ApplicationManager;
import neptune.web.server.InitializationException;
import neptune.web.server.operations.WriteTopologyFile;

/**
 * @author Vathalas
 * 
 */
public class WriteTopologyFilePH implements PermissionHandler {

	/*
	 * (non-Javadoc)
	 * 
	 * @see
	 * it.robertobifulco.ias.PermissionHandler#verifyPermission(java.lang.String
	 * , it.robertobifulco.ias.principalmanager.Principal)
	 */
	public void verifyPermission(String operationName, Principal principal)
			throws UnauthorizedOperationException {
		if (operationName.equals(WriteTopologyFile.ID)) {
			// Il system admin ha diritto di cancellare qualsiasi esperimento
			if (principal.getRole().equals(DefaultRoles.SYSTEM_ADMIN))
				return;

			throw new UnauthorizedOperationException(
					"Not enough infos to concede the permission");
		}
	}

	/*
	 * (non-Javadoc)
	 * 
	 * @see
	 * it.robertobifulco.ias.PermissionHandler#verifyPermission(java.lang.String
	 * , it.robertobifulco.ias.principalmanager.Principal, java.lang.Object)
	 */
	public void verifyPermission(String operationName, Principal principal,
			Object extraInfos) throws UnauthorizedOperationException {

		if (!operationName.equals(WriteTopologyFile.ID))
			return;
		if (principal.getRole().equals(DefaultRoles.SYSTEM_ADMIN))
			return;
		
		String expId = (String) extraInfos;

		try {

			// Concede il permesso all'amministratore dell'esperimento
			String admin = ApplicationManager.getApplicationManager()
					.getNeptuneManager().getExperimentsRepository()
					.getExperimentAdmin(expId);

			if (principal.getId().equals(admin))
				return;

			// Concede il permesso ai super user dell'esperimento
			String[][] users = ApplicationManager.getApplicationManager()
					.getNeptuneManager().getExperimentsRepository()
					.getExperimentUsers(expId);

			for (int i = 0; i < users.length; i++) {
				// Se principal e' fra gli utenti dell'exp
				if (users[i][0].equals(principal.getId())) {
					// Se il ruolo del principal e' di super user per l'exp
					//if (users[i][1].equals(DefaultRoles.EXPERIMENT_SUPER_USER))
					// corretto bugs: anche l'utente semplice può fare l'upload della topologia
					if ( (users[i][1].equals(DefaultRoles.EXPERIMENT_NORMAL_USER)) || (users[i][1].equals(DefaultRoles.EXPERIMENT_SUPER_USER)) )
						return;
					else
						throw new UnauthorizedOperationException("Principal '"
								+ principal.getId() + "' is a "
								+ DefaultRoles.EXPERIMENT_NORMAL_USER
								+ " of the experiment '" + expId
								+ "': the operation '" + operationName
								+ "' is unauthorized.");
				}
			}

			throw new UnauthorizedOperationException("Operation "
					+ operationName + " is unauthorized for principal "
					+ principal.getId());
		} catch (ExperimentRepositoryException e) {
			throw new UnauthorizedOperationException(e);
		} catch (InitializationException e) {
			e.printStackTrace();
			throw new UnauthorizedOperationException(e);
		}
	}

}
